Not all rules firing
Patrick Ben Koetter
p at sys4.de
Sun Jul 14 07:53:25 CEST 2013
* Kent Oyer <kent at micro-source.net>:
> Thanks Patrick. I thought of that as well. However, the network tests are firing for some messages but just not all. I have skip_rbl_checks 0 in my local.cf file and I have $sa_local_tests_only = 0 in my amavisd.conf file. I thought maybe the tests were timing out so I setup a non-forwarding, caching name server but that hasn't seemed to help either. Maybe there's another setting I'm missing.
If you can send the message through your system again. To see what SA does
when it runs from within amavis set either "debug_sa" in you amavisd
configuration or run it in the foreground like this:
# amavisd debug-sa
You should also tell more about your setup, configuration. Which MTA do you
use? How is it configured ...
On a sidenote: For reliable results configure these *_networks options in SAs
local.cf:
internal_networks
trusted_networks
msa_networks
p at rick
>
> Thanks
> Kent
>
> -----Original Message-----
> From: Patrick Ben Koetter [mailto:p at sys4.de]
> Sent: Friday, July 12, 2013 5:22 PM
> To: amavis-users at amavis.org
> Subject: Re: Not all rules firing
>
> * Kent Oyer <kent at micro-source.net>:
> > Hello,
> >
> > I hope someone out there can help me. Everything was working great but recently I am seeing a lot of spam slipping through. When I look at the message headers and I see very few tests are hitting.
> >
> > X-Spam-Status: No, score=2.067 tag=x tag2=3.5 kill=3.5 tests=[BAYES_60=1.5,
> > RP_MATCHES_RCVD=-0.303, SARE_MLH_Stock1=0.87] autolearn=no
> >
> > However, when I take the same message and pipe it through spamassassin -t, I get a very different result:
> >
> > Content analysis details: (12.4 points, 5.0 required)
> >
> > pts rule name description
> > ---- ---------------------- --------------------------------------------------
> > 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
> > https://senderscore.org/blacklistlookup/
> > [66.197.238.137 listed in bl.score.senderscore.com]
> > 1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
> > [URIs: underneathright.com]
> > 1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> > [URIs: underneathright.com]
> > 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
> > [URIs: underneathright.com]
> > 0.9 SARE_MLH_Stock1 Subject mentions stock or stock related words
> > 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
> > [score: 0.5285]
> > 1.1 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
> > 0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
> > 1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
> > above 50%
> > [cf: 100]
> > 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
> > [cf: 100]
> > 0.3 DIGEST_MULTIPLE Message hits more than one network digest check
> >
> > I am using a SQL database for lookups. How would I begin to troubleshoot this?
>
> Seems like all tests that require network access aren't used, when the mail is processed by your mailserver/content filter. There's an option to switch that off in spamassassin and IIRC you can also control that from within amavis sa_... settings. This is where I'd look first.
>
> p at rick
>
>
> --
> [*] sys4 AG
>
> http://sys4.de, +49 (89) 30 90 46 64
> Franziskanerstraße 15, 81669 München
>
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian Kirstein
>
>
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the amavis-users
mailing list